News reader

Security updates for Wednesday

5 years 6 months ago
Security updates have been issued by Arch Linux (crypto++ and thunderbird), Debian (cacti, freeimage, git, and jackson-databind), Fedora (nss), openSUSE (clamav, dnsmasq, munge, opencv, permissions, and shadowsocks-libev), Red Hat (nss, nss-softokn, nss-util, rh-maven35-jackson-databind, and thunderbird), Scientific Linux (nss, nss-softokn, nss-util, nss-softokn, and thunderbird), SUSE (caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, crowbar-ui, etcd, flannel, galera-3, mariadb, mariadb-connector-c, openstack-dashboard-theme-SUSE, openstack-heat-templates, openstack-neutron, openstack-nova, openstack-quickstart, patterns-cloud, python-oslo.messaging, python-oslo.utils, python-pysaml2, libssh, and strongswan), and Ubuntu (git, libpcap, libssh, and thunderbird).
ris

Behind the One-Way Mirror (EFF)

5 years 6 months ago
The Electronic Frontier Foundation has posted a detailed study on third-party corporate surveillance on the Internet (and beyond). "Both Google and Apple encourage developers to use ad IDs for behavioral profiling in lieu of other identifiers like IMEI or phone number. Ostensibly, this gives users more control over how they are tracked, since users can reset their identifiers by hand if they choose. However, in practice, even if a user goes to the trouble to reset their ad ID, it’s very easy for trackers to identify them across resets by using other identifiers, like IP address or in-app storage. Android’s developer policy instructs trackers not to engage in such behavior, but the platform has no technical safeguards to stop it. In February 2019, a study found that over 18,000 apps on the Play store were violating Google’s policy."
corbet

[$] OpenBSD system-call-origin verification

5 years 6 months ago
A new mechanism to help thwart return-oriented programming (ROP) and similar attacks has recently been added to the OpenBSD kernel. It will block system calls that are not made via the C library (libc) system-call wrappers. Instead of being able to string together some "gadgets" that make a system call directly, an attacker would need to be able to call the wrapper, which is normally at a randomized location.
jake

[$] New features for the Kubernetes scheduler

5 years 6 months ago
The Kubernetes scheduler is being overhauled with a series of improvements that will introduce a new framework and enhanced capabilities that could help cluster administrators to optimize performance and utilization. Abdullah Gharaibeh, co-chair of the Kubernetes scheduling special interest group (SIG Scheduling), detailed what has been happening with the scheduler in recent releases and what's on the roadmap in a session at KubeCon + CloudNativeCon North America 2019.
jake

Git v2.24.1 and others

5 years 7 months ago
The Git project has released Git v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. "These releases fix various security flaws, which allowed an attacker to overwrite arbitrary paths, remotely execute code, and/or overwrite files in the .git/ directory etc." The release notes contained in this announcement have the details.
ris

Google Summer of Code 2020

5 years 7 months ago
Google Open Source has announced Google Summer of Code (GSoC) 2020, a program that introduces university students to open-source development. "And the 'special sauce' that has kept this program thriving for 16 years: the mentorship aspect of the program. Participants gain invaluable experience working directly with mentors who are dedicated members of these open source communities; mentors help bring students into their communities while teaching them, guiding them and helping them find their place in the world of open source." Applications for interested organizations open on January 14.
ris

Security updates for Tuesday

5 years 7 months ago
Security updates have been issued by Debian (firefox-esr, jruby, and squid3), Fedora (librabbitmq, libuv, and xpdf), openSUSE (calamares and opera), Oracle (kernel and nss), Red Hat (httpd24-httpd, kernel, kernel-alt, kpatch-patch, nss-softokn, sudo, and thunderbird), SUSE (apache2-mod_perl, java-1_8_0-openjdk, and postgresql), and Ubuntu (eglibc, firefox, and samba).
ris

Vetter: Upstream Graphics: Too Little, Too Late

5 years 7 months ago
Daniel Vetter has posted a summary of his LPC talk on kernel graphics drivers. "Unfortunately the business case for 'upstream first' on the kernel side is completely broken. Not for open source, and not for any fundamental reasons, but simply because the kernel moves too slowly, is too big, drivers aren’t well contained enough and therefore customer will not or even can not upgrade. For some hardware upstreaming early enough is possible, but graphics simply moves too fast: By the time the upstreamed driver is actually in shipping distros, it’s already one hardware generation behind. And missing almost a year of tuning and performance improvements. Worse it’s not just new hardware, but also GL and Vulkan versions that won’t work on older kernels due to missing features, fragmenting the ecosystem further."
corbet

[$] The end of the 5.5 merge window

5 years 7 months ago
By the end of the merge window, 12,632 non-merge changesets had been pulled into the mainline repository for the 5.5 release. This is thus a busy development cycle — just like the cycles that preceded it. Just over half of those changesets were pulled after the writing of our first 5.5 merge-window summary. As is often the case later in the merge window, many of those changes were relatively boring fixes. There were still a number of interesting changes, though; read on for a summary of what happened in the second half of this merge window.
corbet

Security updates for Monday

5 years 7 months ago
Security updates have been issued by CentOS (SDL), Debian (htmldoc, librabbitmq, nss, openjdk-7, openslp-dfsg, and phpmyadmin), Fedora (chromium, community-mysql, kernel, libidn2, oniguruma, proftpd, and rabbitmq-server), Mageia (ansible, clamav, evince, firefox, graphicsmagick, icu, libcryptopp, libtasn1, libtiff, libvncserver, libvpx, lz4, nss, openexr, openjpeg2, openssl, phpmyadmin, python-psutil, python-twisted, QT, sdl2_image, SDL_image, sysstat, thunderbird, and tnef), Oracle (firefox), Red Hat (java-1.8.0-ibm and nss), Scientific Linux (firefox and kernel), SUSE (kernel), and Ubuntu (nss).
ris

Kernel prepatch 5.5-rc1

5 years 7 months ago
Linus has released the 5.5-rc1 kernel prepatch and closed the merge window for this development cycle. "Everything looks fairly regular - it's a tiny bit larger (in commit counts) than the few last merge windows have been, but not bigger enough to really raise any eyebrows. And there's nothing particularly odd in there either that I can think of: just a bit over half of the patch is drivers, with the next big area being arch updates. Which is pretty much the rule for how things have been forever by now. Outside of that, the documentation and tooling (perf and selftests) updates stand out, but that's actually been a common pattern for a while now too, so it's not really surprising either."
corbet

attention please: host's IP stack behavior got changed slightly

5 years 7 months ago

Alexandr Nedvedicky (sashan@) wrote to tech@ regarding a recent significant change:

Hello,

commit from today [1] makes the IP stack more paranoid. Up to now OpenBSD implemented the so-called 'weak host model' [2]. Today's commit alters that for hosts which don't forward packets (don't act as routers). Your laptops, desktops and servers now check the packet destination address against the IP address bound to the interface where such a packet is received. If there is a mismatch, the packet will be discarded and the 'wrongif' counter will be bumped. You can use 'netstat -s|grep wrongif' to display the counter value.

It is understood the behavior, which has been settled in the IP stack since the 80's, got changed. tech@openbsd.org (or bugs@openbsd.org) wants to hear back from you if this change breaks your existing set up. There is a common belief this change won't hurt the majority (> 97%) of users, though there is some non-zero risk, hence this announcement is being sent.

thanks and regards
sashan

[1] https://marc.info/?l=openbsd-cvs&m=157580332113635&w=2
[2] https://en.wikipedia.org/wiki/Host_model

Read more…